Dazzle Photo Intelligence
ReviewAudited by ClawScan on May 14, 2026.
Overview
This appears to be a disclosed Dazzle bridge for querying your own photo and personalization data, but it stores sign-in state and sends relevant personal queries to Dazzle after setup.
Install this only if you want OpenClaw to consult Dazzle using your account and are comfortable with relevant personal prompts and photo-context queries going to Dazzle. The visible artifacts describe read-only querying; if any remote Dazzle tool appears to buy, post, delete, or otherwise change data, review it carefully before approval. Remove the MCP server and revoke Dazzle access when you no longer need it.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed and authorized, the skill can keep using the user's Dazzle session until tokens are removed or revoked.
The bridge stores OAuth access and refresh tokens so it can keep querying the user's Dazzle account after the first sign-in.
_FIELDS: Final[tuple[str, ...]] = ("refresh_token", "access_token", "expires_at", "client_id", "host")Authorize only if you trust Dazzle for this account access, keep the local keyring/OpenClaw config private, and revoke or remove the MCP server when you no longer need it.
Dazzle responses may use or reveal sensitive personal history, locations, photos, and preferences.
The skill intentionally relies on persistent personal context and inferred preferences held by Dazzle.
Scope is read-only on the user's own Dazzle account: photos and metadata, places visited, inferred preferences, self-referential context.
Use this only for queries where you want Dazzle's personal context involved, and revoke access if you do not want that context reused.
Prompts, tool parameters, and returned personal data may pass through Dazzle's hosted service, and the local artifacts do not enumerate every remote tool.
Tool calls are relayed to a hosted remote MCP endpoint rather than being handled entirely in the local skill.
forwards each JSON-RPC request to Dazzle's HTTPS /mcp endpoint with a fresh bearer token
Review Dazzle's privacy and account controls, and require explicit review before allowing any remote tool that appears to mutate data or perform purchases.
Future compatible dependency releases could affect runtime behavior even if the skill source stays the same.
The documented uvx-based setup may resolve version-ranged Python dependencies rather than a fully pinned lockfile.
dependencies = ["mcp>=1.27", "httpx>=0.28", "keyring>=25.7", "keyrings.alt>=5"]
Install from the reviewed skill directory and consider pinning or reviewing dependencies in environments with stricter supply-chain requirements.